oss-sec mailing list archives

Re: Re: "who shouldn't be on-list"


From: Vincent Danen <vdanen () linsec ca>
Date: Fri, 4 Apr 2008 23:12:33 -0600

* [2008-04-04 13:46:11 -0800] Jonathan Smith wrote:

security curmudgeon wrote:
| As a new subscriber who did not see specific mention of the desired list
| population, could you clarify who you feel the list is for, or who should
| not be on it?

As I see it, the list is for members of the open-source community. Thus,
to be admitted to the list, you either have to demonstrate that you're a
developer of a (at least marginally notable) open source project, that
you're a vendor who redistributes oss, or that you're a security
researcher who audits or otherwise interacts with oss.

This is, of course, only my opinion and may not reflect the rest of the
group's ideas.

I think this is a good definition.

Bottom-line would be that this isn't a list for end-users.  End-users or
sysadmins, whatever, could be read-only subscribers... heck, that's no
different than reading web archives.

But to be a "member" of the list, with posting privileges, I think you
need to be someone who can demonstrate an active role with some OSS --
this does not mean you need to be on a vendor security team, or the
apache/samba/whatever security contact.  You could be a grunt developer
who has an interest in security-related stuff (perhaps good programming
techniques, etc.) and as long as you're a member or developer of some
OSS with a reasonable exposure, then I think you can have a voice on the
list if you like.

Honestly, I think a lot of people will be lurkers... so for them they
never need to progress beyond read-only subscriber.  It's the people who
are interested in security (be it re-active or pro-active) that will
want to be "members" of the list.

Now, having said that, I think the ml subscription can be a lot more
open than wiki editing rights (which is a whole different ball of wax).

--
Vincent Danen @ http://linsec.ca/
